SPAA takes open banking to the next level
Connective Payments, October 2023
SPAA is coming
In an earlier article on open banking we briefly discussed SPAA, which stands for SEPA Account Access. SPAA, an initiative of the European Payment Council (EPC), is a new, voluntary payment scheme. Enrollment for banks and third-party providers has opened on 1 September 2023.
The scheme’s ambition is to drive ‘open payments’ in Europe and to become the de facto European standard in the field of open banking. SPAA is not a payment means or a payment instrument itself, but it offers a way to transport information in relation to payment accounts and transactions via APIs. It is envisaged that the scheme will evolve further over time to support more elaborate functionalities, in line with market demand, possibly even beyond payments.
It works through Payment Initiation Services (PIS) over the SCT Inst rails. All currencies in the SEPA zone are supported, so in addition to the euro, for example, also British pounds and Danish crowns.
The Connective Payments Open Banking file
PSD2 needs to be improved
Many market parties experience PSD2, the European standard for open banking that has applied until now, as defective. The European Commission recently published a comprehensive review of PSD2, which shows that there were, and still are, quite a few problems with its implementation. We pointed out many of those problems in our Insights series on PSD2. As a result, the desired development of new innovative services based on (payment) data is lagging behind. In response, the European Commission wants to remove as many barriers as possible. Hence the renewed PSD3 directive, and in particular the PSR (Payment Services Regulation), which sets out stricter rules on access to payment systems and account information compared to PSD2.
Three parallel developments
At the same time, the EPC aims to create an attractive open banking ecosystem for all participants, primarily based on cross-industry collaboration instead of (PSD) compliance. The launch of the SPAA scheme coincides with two other major developments that aim to drastically change the European payments landscape: the aforementioned PSD3/PSR and the European Payments Initiative (EPI). These three developments are currently running in parallel. The question is to what extent they compete with each other or are complementary and ultimately come together in the interest of European citizens and companies, who need simplicity and low costs.
We spoke with Gijs Boudewijn, who co-chairs the SPAA Multi-Stakeholder Group (SPAA MSG) on behalf of the banks. Gijs shares that position with Arturo González Mac Dowell on behalf of the TPPs. The SPAA MSG, which falls under the EPC Board, currently consists of 30 members, with an equal distribution of banks and TPPs.
SPAA focuses on Asset Holders and Asset Brokers
SPAA focuses in particular on the relationship between so-called Asset Holders (the party that manages the data on behalf of a private individual or organisation) and Asset Brokers (the party that requests access to the data in order to provide a service to that same private individual or organisation). (1)
A typical Asset Holder is a bank, or the ASPSP in PSD2 terms. A typical Asset Broker is a fintech company that does not offer (current) accounts itself. In the remainder of this article we use AH Bank (Asset Holder) and ABFinance (Asset Broker) as imaginary examples. The two roles are part of a generic 4-corner model that is reminiscent of the model used in the cards ecosystem to distinguish between issuing and acquiring roles.
SPAA will launch on November 30
The EPC is serious about SPAA: the scheme should, subject to decision by the EPC Board, come into effect on November 30, after years of preparation. Asset Holders such as AH Bank and Asset Brokers such as ABFinance can register from September 1. Participation is on a voluntary basis.
On June 26, a new version (1.1) of the SPAA scheme rulebook was published, defining the Asset Holder and Asset Broker roles that scheme participants can choose to play.
The rulebook makes a distinction between “basic” services and “premium services”.
- “Basic” services are the same services that today fall within the scope of PSD2 and that ASPSPs like banks are required to offer free of charge. The SPAA scheme rulebook provides more specific and detailed technical and operational guidelines for accessing and using payment data than PSD2. Areas include authentication, privacy, security and liability.
- “Premium” services are outside the scope of PSD2 and are optional. In the field of payments, this concerns, for example, multiple payments, payment certainty mechanisms, pre-authorizations and e-mandates. In the future, dynamic recurring payments will also be possible. Then, for example, an app can automatically transfer the remaining balance on the account to a savings account at the end of the month. Or automatically cancel the negative balance on one account with a transfer from another account.
SPAA also explicitly positions itself as an enabler of open finance. The intention is that eventually all data that is entrusted by a private individual or organisation to a financial institution such as a bank can be accessed via the SPAA APIs. Consider, for example, mortgage data, identity services or accounting services.
A Minimum Viable Product (MVP) has been established, with which the scheme will start on November 30.
Default remuneration model
For all participants in SPAA, an annual scheme fee to the EPC of (currently) € 222 applies. In addition, the Asset Broker pays a fee to the Asset Holder for each API call. There will be fees for both basic and premium services. The SPAA scheme is preparing a “default remuneration model” for this purpose, which will be published in November. Thereafter, this model will be actively calibrated to make participation in SPAA as attractive as possible for all parties. Because fees will expectedly be passed on to the “Asset Users”, they too will have to experience the benefits of SPAA. For Gijs Boudewijn, this will be the most exciting step in the development process: after all, the banks have an interest in relatively high fees, and the TPPs in relatively low fees. Somewhere in between there is an optimum, which is set with the cooperation of PwC and in strict compliance with eu competition rules. “The model is based on a carefully crafted and objective cost calculation model which is being developed by an external economic consultant”, says Gijs Boudewijn. “To a large extent, we are navigating through yet uncharted waters here, and only by taking SPAA to the market we will be able to find out if the remuneration model is fit for purpose, i.e. if it allows for competitive pricing in the market.”
An automated Operational Scheme Manager will eventually be responsible for the settlement of access and functionality fees. For the time being, this is not yet available and the settlements will be maintained manually by the EPC.
By the way, the word “default” says it all: ABFinance and AH Bank can deviate from the default fees by agreeing bilaterally on lower rates. However, it is questionable whether parties will enter into such costly negotiations at this early stage.
PSD2 vs SPAA: risk of a fragmented ecosystem
Our Asset Broker ABFinance will soon be able to choose. Does it extract the desired payment data from the freely available but limited and troublesome PSD2 APIs? Or does it opt for the “industrial-quality” APIs via SPAA, with a better customer journey, in exchange for what the SPAA MSG calls a “small fee”? And what if not all banks relevant to ABFinance’s market participate in SPAA? So that ABFinance has to continue to support the PSD2 APIs in addition to the SPAA APIs?
Something similar will soon apply to AH Bank: it remains obliged to offer the PSD2 compliance APIs, but as a SPAA Asset Holder, it will also offer a similar basic service that functions better in practice.
The question is to what extent Asset Holders such as AH Bank will choose to put the PSD2 compliance APIs on the same technical footing as the basic SPAA APIs, in order to save IT development and maintenance costs. “That remains to be seen and will differ per bank”, says Gijs Boudewijn.
In any case, for the sake of “network efficiencies”, the participants in the SPAA scheme have an interest in having as many Asset Holders and Asset Brokers as possible join. The more participants, the less fragmented the open banking ecosystem, the higher the benefits and the lower the operational costs. In that sense, SPAA and PSD2 are competing solutions to the issue of how payment service providers can gain access to payment data.
“At Rabobank we see SPAA as a positive development. A value-driven approach means that open banking and open finance are stimulated from the market. Compared to PSD2, all parties involved will benefit, which is better than the current compliance-based approach. The broader focus on value added, premium services is also positive”, says Edwin Sanders, Lead Strategy Payments at Rabobank. “At the same time, we still have to determine how, and how quickly, we want to participate. Besides the fact that not all specifications and prices are known yet, the number of participants is an uncertain factor in the decision. That decision might have been simpler if SPAA had been adopted five years ago as a market-driven implementation of open banking in Europe. Now PSD2 will continue to exist alongside SPAA, which complicates the decision for the banks.”
The SPAA Scheme can count on support from the ECB and the European Commission, because harmonization, interoperability and access for third-party providers are taken to a higher level. The regulators welcome SPAA as a market initiative to fill in part of the Payment Service Regulation (PSR). Moreover, they see SPAA as an important enabler for the European vision in the field of open finance and open data. “Both the ECB and the European Commission (who are observers in the SPAA MSG) openly expressed their unequivocal support for SPAA as a truly European solution. For us, as co-chairs, those expectations were a strong motivation to move SPAA across the finish line against all odds”, says Gijs Boudewijn.
EPI vs SPAA: complementary developments
Together with its member banks, the European Payments Initiative (EPI) is building a new payments solution based on account-to-account payments. At the same time, those banks must provide free PSD2 access to their payment accounts to third parties (usually through APIs), who provide account information and payment initiation services. SPAA leverages on that and introduces premium features which EPI banks may provide at a price. Therefore, the two schemes regard each other as complementary. If our imaginary AH Bank decides to adopt EPI as its payment engine, there is nothing to stop it from using the SPAA scheme to give ABFinance and other PSPs access to the payment data it holds for its customers.
How can organisations participate in SPAA?
Interested parties must be able to provide appropriate documents proving that they meet the necessary requirements for offering (Asset Holder) or using (Asset Broker) the planned SPAA scheme services. This could, for example, be a corresponding PSD2 license in a SEPA country. Any interested party who meets the eligibility criteria set out in the rulebook can apply to become a participant in the SPAA scheme. The EPC secretariat must receive a signed version of the Adherence Agreement and Schedule Information accompanying the Adherence Agreement (2). By signing the entry agreement, the participants agree to respect the rules described in the rule book.
The EPC Secretariat will objectively determine whether the applicant can meet the eligibility criteria and make a decision on the application.
Connective Payments is here to help you
Joining the SPAA scheme could be an interesting option for both banks and payment service providers. Open banking and open finance are the future, and SPAA is a serious effort to bring these to the next level. PSPs can benefit from higher clarity and availability, and a broader range of financial data. For instance, while PSD2 is limited to checking account data such as income and expenses, access to savings account data through SPAA enriches the analysis of a customer’s financial situation. Banks can benefit for the same reasons, as well as the revenue from providing SPAA services. However, assessing the 119 pages of rules in the SPAA Scheme rulebook can be complex. Our consultants are ready to support you in the various phases of a SPAA project. First of all, to make the strategic considerations regarding possible participation, the selection of relevant premium services and the determination of the legal, functional, operational and technical requirements to prepare your organization for entry. We would be happy to discuss this with you. Let’s connect!
Many thanks to Gijs Boudewijn, Edwin Sanders and Hans Croon for their valuable contribution to this article.
1. SPAA focuses mainly on the relationship between so-called Asset Holders and Asset Brokers. The definitions of these roles are similar but more generic than the ASPSP and TPP roles in PSD2 respectively. The aim is that they can be used more broadly than just for payment data, with a view on future access to financial data.
With payment data as an example: a bank that makes payment data available is an ASPSP (PSD2) or an Asset Holder (SPAA). A company that wants to use that payment data is a TPP (PSD2) or an Asset Broker (SPAA). The owner of the data, the Asset Owner, a private individual or organization, has a business relationship with the Asset Holder. A so-called Asset User can, for example, be a merchant who uses the data requested by an Asset Broker. All this subject to permission from the Asset Owner.
2. Both documents are included in Annex I of version 1.1 of the rule book.